Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
John Scott-Railton Profile picture
@jsrailton
Sep 22, 2023 10 tweets 6 min read Read on X
Scrolly
🚨UPDATE your @Apple products now!

We @citizenlab w/TAG's @maddiestone caught #predator spyware attacks against a prominent pro-democracy Egyptian politician after he announced presidential ambitions.

Apple rushed a patch.

It gets crazier 1/

citizenlab.ca/2023/09/predat…
Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone wi...
2/ Ahmed Eltantawy got in touch with us @citizenlab, worried his devices were targeted in #Egypt.

He was right. His iPhone on @VodafoneEgypt was targeted for network injection.

As he browsed the net, the attackers were trying to slip a #Predator infection onto his device.

Image
Image
Image
3/ It gets worse.

We attribute the spyware injection system to a @Sandvine Packet Logic product w/high confidence.

Sandvine has been accused in past of facilitating human rights abuses in the past.

Owned by NSO Group's former owner Francisco Partners.




Image
Image
Image
Image
4/ This kind of exploit delivery through injection DOES NOT require a target to click as our collaborator, the brilliant @maddiestone, points out in her post.

It's a seriously dangerous kind of attack & hard to protect against.
blog.google/threat-analysi…
Image
@maddiestone 5/ Apple moved quickly to fix the zero-day exploits @maddiestone & @billmarczak discovered.

We encourage everyone to immeidately update their apple products.

There is a piece of good security news buried in all this... Image
@maddiestone @billmarczak 6/ We believe & Apple's Security Engineering & Architecture Team confirms, Lockdown Mode would have blocked this attack!

We *strongly* encourage all Apple users that may be at risk because of who they are or what they do to enable Lockdown Mode!

support.apple.com/en-us/HT212650
Image
@maddiestone @billmarczak 7/ Ahmed ElTantawy wasn't just targeted with network injection!

He was also targeted with #Predator spyware links in decoy messages sent as texts & over @WhatsApp.

One of the attacks masqueraded as communications from the International Federation for Human Rights @fidh_en Image
@maddiestone @billmarczak @WhatsApp @fidh_en 8/ This summer the 🇺🇸US hit developer & distributor of #Predator spyware (Cytrox & Intellexa) with blacklisting.

This latest abuse revelation affirms the determination that the spyware continues to fuel human rights abuses.

By @ddimolfetta & @Post_AG
washingtonpost.com/national-secur…
Image
9/ Pulling back the lens from the tech side of this #Predator attack:

Mercenary spyware is autocrat fuel.

When you hack a pro-democracy presidential hopeful in an autocracy... you are doing dictatorship.

And spyware companies know exactly who they are selling to. Image
10/ Without brave victims like Ahmed Tantawy getting checked & coming forwards, these recent exploits would not have been found.

Billions of apple devices would still be vulnerable.

Including yours. Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Scott-Railton

John Scott-Railton Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jsrailton

John Scott-Railton Profile picture
Oct 5
CATASTROPHIC: Chinese hackers massively wiretapped 🇺🇸USA by compromising the interception portals mandated under US law.

Remember this the next time a government demands encryption backdoors.

By: @bysarahkrouse @dnvolz @aviswanatha @bobmcmillan h/t @RonDeibert

READ: wsj.com/tech/cybersecu…Image
Image
Image
Image
Manufacturers of networking and phone gear must follow specific standards for 'lawful interception' in different jurisdictions (e.g. CALEA & ETSI's standards)

But as we learn time & time again, the scope of potential access & harm almost never matched by efforts to detect & block malicious use.Image
There's constant pressure from governments to bake-in systems for access.

Failure to comply with those demands is met with big sanctions. Just look at Durov.

Yet I predict that there will be zero meaningful accountability over this breach.

Read 10 tweets
John Scott-Railton Profile picture
Oct 3
BREAKING: @Microsoft & @TheJusticeDept take simultaneous action against 🇷🇺Russian FSB-backed hacking group.

#StarBlizzard/ #ColdRiver has been targeting a wide swath of US officials & civil society.

Sweet moment because civil society played a key role in the lawsuit. Thanks to @NonprofitISAC & our partner @accessnow, voices of victims from our collaborative investigation into the spear phishing operation were included. 1/Image
Image
Image
Image
2/ Back in August we @citizenlab alongside our partners
@accessnow w/@DeptFirst, Arjuna Team & RESIDENT.ngo published a collaborative investigation into Russian gov-backed phishing.👇

The clever attacks were causing harm around the world.
x.com/jsrailton/stat…
3/ The Russian spear phishing that we tracked used techniques honed from years of targeting civil society.

& years of adapting to technical countermeasures.

And it persisted targeting civil society & journalists, despite recent naming & shaming.

Read 7 tweets
John Scott-Railton Profile picture
Sep 16
NEW: fresh 🇺🇸US sanctions dropping on mercenary spyware industry.

Biden administration just fired a 2nd salvo against the #Intellexa consortium, which sells #Predator spyware.

The spyware is linked to human rights abuses around the globe & was used to target US officials. 1/

home.treasury.gov/news/press-rel…Image
Image
Image
Image
2/ Back in March, US first used ‘big gun’ @USTreasury sanctions against #Intellexa.

It was precedent-setting & sent a chill through the spyware industry.

Today’s sanctions against yet-more Intellexa people read as the US saying "can you hear me yet?"
3/ Quick review of some ways that the Biden Harris administration has been tackling the problem of mercenary spyware proliferation:

Targeted Actions against bad companies:
Big headache
✅@CommerceGov Entity Listing
(Now US companies can't sell you products)

Migraine
✅ @StateDept Visa Bans
(You aren't coming to the US)

Cluster Headache
✅@USTreasury Dept Sanctions
(Your assets are blocked, good luck banking anywhere)

Executive Actions
✅ The 2023 Executive Order
(The big US market is closed to spyware companies enabling human rights abuse & natsec harms)

Diplomatic Efforts
✅ 2023 Joint State on Commercial Spyware
(Wide set of norms on stopping misuse, consequences for bad companies & transparency + oversight)
✅ Participation in other countries efforts (e.g. UK/FR-led Pall Mall Process)Image
Image
Image
Image
Read 6 tweets
John Scott-Railton Profile picture
Sep 1
If you collect it, they will come.

Investigators will eventually identify any consumer product that persistently records people's activities.

One day, they'll show up, requesting access.

If the data is consistently helpful, they'll stop asking & start demanding.

Once this happens enough the company will probably create a law enforcement portal to simplify access & save customers the trouble...🧵Image
2/ So many companies build consumer products with inherent pervasive surveillance collection without planning for the inevitable moment when demands begin coming in.

If you collect it, the demands will always come.

When you don't anticipate this moment in how you balance your design decisions, you expose yourself & your consumers to a lot of pressure. And introduce society to new kinds of surveillance.

It's an ethical conundrum in societies with a rule of law and judicial oversight.

And it is entirely more ominous when your product reaches countries that have none of that.
3/ Transparency: reworked the thread since folks flagged that I'm not the only person that likes "if you collect it, they will come" to describe risks from data collection:

Some spots it shows up in, there are surely more I couldn't find with a quick search:

- ISC2 contributor mgorman discussing risks from Google's Sensorvault

-Whitney Merrill(@wbm312) discussing risks from COVID data collection👇

-The Irreal Blog, in an interesting post about search warrants

-Me, quoted in "Cybersecurity and Humanitarian Organizations - On a Collision Course?" (Amaral & Verity, 2018).


community.isc2.org/t5/Tech-Talk/I…
irreal.org/blog/?p=10054
reliefweb.int/report/world/c…
Image
Image
Image
Read 4 tweets
John Scott-Railton Profile picture
Aug 25
WARNING: Account impersonating the popular @harris_wins now has a blue check.

Top result is a copycat with 72k+ followers that spreads inflammatory falsehoods.

Genuine account isn't even the first search result. Please report: ❌@kamala_wins47Image
Image
Image
Image
2/ This copycat regularly & misleadingly claims censorship to request amplification.

Over 200k people saw this particular misinformation, thousands more amplified it.

The account should never have been verified, and it astonishes me that @Safety hasn't pulled it yet. Image
3/ More false claims every few hours = more dilution of reality & partisan polarization.

All to sell... mugs & shirts.

Tip: you can find some related accounts by searching for "bestusatee" (online storefront this spammer is using)

Image
Image
Read 5 tweets
John Scott-Railton Profile picture
Aug 25
Misunderstandings about #Telegram & encryption are already shaping the conversation about Pavel Durov's detention. So, here's a primer.

Telegram is often seen as an "encrypted messenger" but for many users it functions a lot more like an unencrypted social network. 1/
2/ Remember, most #Telegram features are not end-to-end-encrypted, e.g.:

No e2e encrypted by default:
❌Regular messages

Never e2ee:
❌ Groups
❌Channels

E2ee only when you opt into:
✅ Secret chats

If you see an❌ this means that Telegram can/could access the contents.
3/ Absence of end-to-end encryption across much of the platform means #Telegram has the keys & could technically be compelled to moderate & give governments access to that user activity.

The potential for access inevitably draws gov attention to #Telegram & CEO Pavel Durov.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(